Access control requires effective (correct) and timely policies which should relate the need for access to sensitive resources to be protected. There are existing models to provide access control with minimal administrative overhead. One of the simplest models is to directly assign permissions to users. However, such policies are large, and difficult to manage in dynamic environments. Newer policy models, such as role based access control (RBAC) that groups permissions into roles and assigns roles to users, have been developed to address the issues with prior work. While newer models decrease the administrative costs, they still require administrative actions to make changes to policies as needs change.
Attribute based access control (ABAC) is a popular model that grants access to users based on the attributes of the user and the request, such as the attributes of the permission and resources. As the attributes of the users change, access can be automatically granted. As resources are added, users with the required attributes are automatically granted access, making administration easier and more cost effective. ABAC requires a policy. Currently, such policies must be manually defined and written.